FEI 2.1.14 is here with a few key features that we hope will bring great value to large-scale email investigations.
Aggregate Domain and IP Views
We have extended FEI’s project-level aggregate data views to include domains and IP addresses. These views provide a high-level look into your project and help home in on suspect emails quickly. Here are a few things you can do:
Filter & Sort
Similar to FEI’s Evidence Grid, the project-level domain and IP views allow sorting and filtering. You can even create fairly advanced filter expressions with grouping and Boolean logic.
Intel & Navigation
You can right-click on an item to quickly navigate to its parents or invoke the corresponding intelligence view such as Domain Intel or IP Intel.
Export
You can also quickly export the data in these views via the select > copy > paste sequence. If you paste into spreadsheet software such as Excel, you can get a nice tabular view of the data.
New Index Search Fields
In addition to being able to search email headers using the headers keyword, FEI’s Index Search now contains two additional Index Search fields: xoriginatingip and xmailer. These fields search the X-Originating-IP and X-Mailer MIME headers.
For instance, you can find emails with a value in their X-Mailer headers with the search xmailer:*, or emails whose X-Originating-IP headers contain an IP address starting with 205 with the query xoriginatingip:/205\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/
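The same two headers can be checked outside FEI when triaging raw messages. The Python sketch below is an added example, not part of FEI or of the original post: the sample messages are constructed, the function names are hypothetical, and matching the pattern against the whole header value is an assumption. It also shows that the 205 pattern accepts out-of-range octets such as 999, so hits are validated separately.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address

# Constructed sample messages (not taken from any real case).
SAMPLES = [
    "From: a@example.com\nX-Originating-IP: [205.17.4.9]\nX-Mailer: Microsoft Outlook 16.0\n\nbody\n",
    "From: b@example.com\nX-Originating-IP: 198.51.100.7\nX-Mailer: PHPMailer 6.1\n\nbody\n",
    "From: c@example.com\nX-Originating-IP: [205.999.1.1]\n\nbody\n",
    "From: d@example.com\nSubject: no client headers\n\nbody\n",
]

# The pattern used in the xoriginatingip query in the post.
PAGE_PATTERN = re.compile(r"205\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")


def extract(raw):
    """Return (ip_text, parsed_ip_or_None, x_mailer_or_None) for one raw message."""
    msg = message_from_string(raw)
    # Many providers wrap the address in square brackets; strip them.
    ip_text = (msg.get("X-Originating-IP") or "").strip().strip("[]") or None
    parsed = None
    if ip_text:
        try:
            parsed = ip_address(ip_text)
        except ValueError:
            pass  # header present, but its value is not a real address
    return ip_text, parsed, msg.get("X-Mailer")


def triage(raws):
    """Collect pattern hits, the subset that are valid IPs, and X-Mailer counts."""
    result = {"pattern_hits": [], "valid_hits": [], "mailers": Counter()}
    for raw in raws:
        ip_text, parsed, mailer = extract(raw)
        if ip_text and PAGE_PATTERN.fullmatch(ip_text):
            result["pattern_hits"].append(ip_text)
            if parsed is not None:
                result["valid_hits"].append(str(parsed))
        if mailer:  # equivalent in spirit to the xmailer:* search
            result["mailers"][mailer] += 1
    return result


if __name__ == "__main__":
    print(triage(SAMPLES))
```
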
From Version 2.1.13
Quick reminder that we have also added S/MIME and OpenPGP decryption and signature verification capabilities to FEI recently in v2.1.13.
We hope that the new features will help you cut to the chase faster during phishing, malware, and BEC investigations.
You can review the changelog below for a list of the remaining improvements. The new version is available for download here when you are ready.